Blog Post

Emerging Data Sources Insights Part 2: Is That Search Complete?

Preservation and search offerings in mature suites from providers such as Microsoft and Google do provide benefits in helping legal, and IT teams drive down the volume and cost of e-discovery collections in certain instances. At the same time, when e-discovery functions are carried out without proper understanding of nuances around emerging data sources or the supervision of digital forensics experts, costly mistakes and oversights — such as increased costs, sanctions for failing to comply with disclosure requirements, delays and omission of important facts — can occur.

Specifically, in the early stages of a matter, several common pitfalls arise when emerging data sources are collected using standard in-house e-discovery tools. These include:

  • Narrow search. When an e-discovery search is conducted in-place, without a full view of the data set and the matter, the search will likely cut too narrow a view, leading to downstream costs and delays.
  • Overburdening the search. On the opposite end of the spectrum, from searching with too little information is the issue of searching with too many terms or a lack of understanding of how search parameters can vary between platforms.
  • Extracting all the audit points. The details of a search are often not visible after extracted from the source system, leaving the review team with only a few time-limited options to validate that the collection methodology was sound and defensible.
  • Completeness and accuracy. Each technology platform has its own unique process and format for accessing and extracting information. Some of these nuances can lead to responsive documents being excluded from collection. Producing an incomplete dataset to opposing counsel or a government authority creates unnecessary risk and may lead to judicial or regulatory penalties.
  • Underutilization of tools. Unless an individual who is highly experienced with e-discovery workflows and the nature of emerging data sources is handling the collection, the full set of preservation and search capabilities will likely be underutilised. Understanding the scope of a matter and the many nuances at play early on is a significant factor in driving efficiency and optimising the available tools.

Our digital forensics and e-discovery teams at FTI Technology recently supported an internal investigation at a biotech corporation that serves as a prime example of the problems that can arise when forensically-sound preservation and collection methodologies are not agreed upon and implemented from the outset of a matter. In this case, the client’s IT team conducted the initial data collection using search and export functionality within their existing tools. Once the data was produced to our teams, we found that many of the search and export settings applied were incorrect, resulting in incomplete results and omitted delivery of key encrypted content that investigators had pre-engagement knowledge of relevance, and thus were expecting access to. This created a tremendous amount of repeat work and delays in the investigation where multiple accounts had to be re-searched and exported in short order to fill the gaps. Ultimately, the exercise cost the client far more time and expense than if they had mitigated collection issues at the outset.

This is only one of many examples wherein good intentions to leverage in-house tools and resources to reduce e-discovery volumes can go awry if forensically sound methods aren’t followed. Given the many technical complexities emerging data sources introduce into traditional e-discovery workflows, legal teams need to be strategic and careful about how and when native searches within existing platforms may be helpful and when they may become a hindrance to completing an e-discovery exercise efficiently.

Craig Hendley is a Managing Director within FTI Consulting’s Technology segment, and an investigations and data risk expert focused on solving complex legal and regulatory challenges for clients. Mr. Hendley brings more than a decade of experience in digital forensics. He has led high-stakes, multi-jurisdiction investigations in the U.S., U.K, Europe, Africa and India for clients in the aerospace, defence, financial, and pharmaceutical and other highly-regulated industries. He has led investigations and discovery strategy, workflow development and execution for dozens of matters involving nuanced issues relating to cloud collaboration data sources.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.